Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci7: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.6:7516]
Modules linked in:
irq event stamp: 6078887
hardirqs last  enabled at (6078886): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (6078887): [<ffffffff844232ff>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (6043652): [<ffffffff81181dbb>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (6043655): [<ffffffff81181dbb>] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 7516 Comm: syz-executor.6 Not tainted 6.2.0-rc3-next-20230109 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_next_frame+0x348/0x2130
Code: 8e c7 15 00 00 41 c6 46 40 01 49 c7 c0 40 4c 4c 85 48 b8 00 00 00 00 00 fc ff df 4d 8d 48 04 4c 89 ca 48 c1 ea 03 0f b6 04 02 <4c> 89 ca 83 e2 07 38 d0 7f 08 84 c0 0f 85 e4 14 00 00 41 0f b6 40
RSP: 0018:ffff88806cf097e0 EFLAGS: 00000216
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff8134bc49
RDX: 1ffffffff0c11f2b RSI: ffffffff8608f954 RDI: ffffffff85d7fb10
RBP: ffff88806cf098b8 R08: ffffffff8608f954 R09: ffffffff8608f958
R10: ffffed100d9e1319 R11: 0000000000038001 R12: ffff88806cf098a1
R13: ffff88806cf098c0 R14: ffff88806cf09860 R15: ffffffff8134bc49
FS:  00007f6fca9b8700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001140 CR3: 0000000037c18000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x95/0xb0
 __call_rcu_common.constprop.0+0x6a/0xa00
 __kmem_cache_free+0x8b/0x2f0
 skb_release_data+0x6d8/0x810
 consume_skb+0xcb/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:put_cpu_partial+0x115/0x1c0
Code: 39 43 28 75 61 48 c7 43 28 00 00 00 00 48 c7 c6 e0 01 7d 81 48 89 df e8 39 15 af ff 48 85 ed 74 06 e8 3f 87 d3 ff fb 4d 85 ed <74> 21 5b 4c 89 ee 5d 4c 89 e7 41 5c 41 5d 41 5e 41 5f e9 54 fa ff
RSP: 0018:ffff888045fbf5f0 EFLAGS: 00000246
RAX: 000000000050af3b RBX: ffff88806cf3ff10 RCX: ffffffff812b799f
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000001 R09: ffffffff8764e95f
R10: fffffbfff0ec9d2b R11: 0000000000000001 R12: ffff888008783280
R13: 0000000000000000 R14: ffffea0001124200 R15: 0000000000000002
 qlist_free_all+0x6d/0x1a0
 kasan_quarantine_reduce+0x196/0x230
 __kasan_slab_alloc+0x49/0x70
 __kmem_cache_alloc_node+0x17e/0x2f0
 __kmalloc+0x46/0xc0
 ext4_find_extent+0xa41/0xd30
 ext4_ext_map_blocks+0x1c7/0x5dd0
 ext4_map_blocks+0xb15/0x19e0
 ext4_append+0x1af/0x530
 ext4_init_new_dir+0x262/0x4c0
 ext4_mkdir+0x3d3/0xb20
 vfs_mkdir+0x495/0x740
 do_mkdirat+0x16e/0x2d0
 __x64_sys_mkdir+0xf6/0x150
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f6fcd441c27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6fca9b7fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6fcd441c27
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
RBP: 00007f6fca9b8040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000100 R14: 00007f6fca9b8000 R15: 0000000000000000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 7520 Comm: syz-executor.2 Not tainted 6.2.0-rc3-next-20230109 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_cmp8+0x8/0x20
Code: 00 00 00 e9 ea fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <48> 89 f2 48 89 fe bf 06 00 00 00 e9 b8 fe ff ff 0f 1f 84 00 00 00
RSP: 0018:ffff88806ce09778 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 000000000000000a RCX: ffffffff8159b3b1
RDX: ffff888020099ac0 RSI: 0000000000000064 RDI: 000000000000000a
RBP: ffff888008de1d60 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
R13: ffff888008de1f68 R14: 0000000000000064 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00633f568 CR3: 000000001728c000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 __perf_event_account_interrupt+0x221/0x2c0
 __perf_event_overflow+0xbf/0x760
 perf_swevent_hrtimer+0x361/0x3d0
 __hrtimer_run_queues+0x17f/0xcb0
 hrtimer_interrupt+0x319/0x770
 __sysvec_apic_timer_interrupt+0x148/0x510
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:ieee80211_beacon_get_tim+0x1b0/0x540
Code: 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 62 03 00 00 8b 9d 84 06 00 00 <31> ff 89 de e8 87 0b 3a fd 85 db 75 41 e8 4e 0f 3a fd 48 b8 00 00
RSP: 0018:ffff88806ce09c88 EFLAGS: 00000246
RAX: 0000000000000007 RBX: 0000000000000000 RCX: 0000000000000100
RDX: 0000000000000000 RSI: ffffffff840f62d9 RDI: ffff888045b89464
RBP: ffff888045b88de0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888045b88e38
R13: ffff888043da6000 R14: 1ffff1100d9c1392 R15: ffff88803c0e62e8
 mac80211_hwsim_beacon_tx+0x1d2/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:percpu_counter_add_batch+0x144/0x1a0
Code: 01 30 e8 af db 23 02 e8 7a f9 28 ff 31 ff 48 89 de e8 d0 f5 28 ff 48 85 db 74 0b e8 66 f9 28 ff e8 31 10 30 ff fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 4d f9 28 ff e8 48 f9 28 ff 65 45
RSP: 0018:ffff88803c3476c8 EFLAGS: 00000282
RAX: 00000000004fac1b RBX: 0000000000000200 RCX: ffffffff812b799f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000020 R08: 0000000000000001 R09: ffffffff8764e907
R10: fffffbfff0ec9d20 R11: 0000000000000001 R12: ffff888018d8f620
R13: ffffffffffffffe4 R14: ffffffffffffffe1 R15: 0000607f92e011a8
 unmap_page_range+0xdff/0x2c90
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x226/0x380
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f7b1ddd4b19
Code: Unable to access opcode bytes at 0x7f7b1ddd4aef.
RSP: 002b:00007f7b1b308218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f7b1dee80e8 RCX: 00007f7b1ddd4b19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7b1dee80e8
RBP: 00007f7b1dee80e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b1dee80ec
R13: 00007fffa27e0a5f R14: 00007f7b1b308300 R15: 0000000000022000
 </TASK>
Bluetooth: hci3: command 0x0406 tx timeout
=======================================================
WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
loop3: detected capacity change from 0 to 40
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	00 00                	add    %al,(%rax)
   2:	41 c6 46 40 01       	movb   $0x1,0x40(%r14)
   7:	49 c7 c0 40 4c 4c 85 	mov    $0xffffffff854c4c40,%r8
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	4d 8d 48 04          	lea    0x4(%r8),%r9
  1c:	4c 89 ca             	mov    %r9,%rdx
  1f:	48 c1 ea 03          	shr    $0x3,%rdx
  23:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax
* 27:	4c 89 ca             	mov    %r9,%rdx <-- trapping instruction
  2a:	83 e2 07             	and    $0x7,%edx
  2d:	38 d0                	cmp    %dl,%al
  2f:	7f 08                	jg     0x39
  31:	84 c0                	test   %al,%al
  33:	0f 85 e4 14 00 00    	jne    0x151d
  39:	41                   	rex.B
  3a:	0f                   	.byte 0xf
  3b:	b6 40                	mov    $0x40,%dh